Privacy and data protection policy

Stonly is a new medium for help and how-to content; solving the universal need for businesses, publishers, teachers - everyone, really - to teach audiences and users more effectively. Stonly empowers content creators to make interactive, step-by-step guides which can be embedded anywhere. Stonly (or "we", "us", "our") strives to preserve the confidentiality and security of the personal data that it processes, i.e. any information that makes it possible to identify, directly (surname, first name, profile photo, etc.) or indirectly (IP address, etc.) a natural person (the "Personal Data"). To this end, we have put in place strict procedures and made strong commitments which are described in this document (the "Privacy Policy").

1. When does the Privacy Policy apply?

The Privacy Policy applies as soon as you voluntarily communicate your Personal Data (i.e. it applies when you communicate your Personal Data by subscribing to our newsletter, by requesting or scheduling a demo, by giving you email address to get resources or content, by submitting a support inquiry or directly emailing to Stonly for information or by creating a client account, but it also applies when Stonly collects your Personal Data to manage the platform user access, to manage the after-sale service, and to analyze statistics regarding the website) or as soon as Stonly collects it.

2. Who are we?

Stonly acts as data controller, i.e. Stonly is the entity responsible for processing your Personal Data. Information about Stonly is available on the Legal Notice.

3. What are our commitments?

Stonly has made protection of Personal Data and privacy one of its priorities. we have thus chosen to work towards greater transparency.

Stonly is committed to processing your Personal Data in the strict respect of the Regulations (as defined below), this Privacy Policy and, when applicable, the lawful instructions of our clients - data controllers. Thus, and pursuant to the principle of data minimization, Stonly ensures to process only Personal Data strictly necessary regarding the specified, explicit, and legitimate purposes for which they are processed. The processing will only be carried out for the time necessary to achieve these purposes and within the framework of strict security and confidentiality measures.

4. Which regulations apply to the use of your Personal Data?

The regulations applicable to the processing of Personal Data cover all national and European laws and regulations in force and in particular (i) the European Data Protection Regulation 2016/679 of 27 April 2016 (the "GDPR"), (ii) the French provisions of Law No. 78-17 of January 6, 1978 as amended, (iii) the European Directive 2002/58/EC of July 12, 2002 and (iv) guidelines, opinions, recommendations, advice of the supervisory authorities, certifications, approvals and final court decisions (altogether, the "Regulations").

5. What are the Personal Data processing activities operated by Stonly?

Stonly operates three kinds of processing of Personal Data:

• as a data controller, Stonly processes Personal Data of employees / collaborators / service providers of clients (or clients who are individuals) platform users, etc. (5.1.1),
• as a data controller, Stonly processes Internet users’ Personal Data for prospecting purposes (5.1.2),
• as a data processor, Stonly processes Personal Data of Internet users on the sole instructions of its clients, acting as data controllers (5.2).

5.1 When Stonly acts as data controller:

5.1.1 If you are a client of Stonly or if, in general, you have a commercial relationship with us, we may collect and process Personal Data of your employees / collaborators / service providers or platform users (name, first name(s), business email address, telephone number, status within the client’s company, browsing data) for the following purposes:

Your Personal Data is only stored by our services for the time strictly necessary, namely two (2) years from the end of the contractual relationship between Stonly and you or, as regards the data strictly necessary for Stonly to comply with its legal obligations, for the applicable statute of limitations.

The guides created by a user can be kept available even after the user account has been deleted without any further storage of Personal Data.

Stonly only communicates your Personal Data to the recipients who need to have access to it: Stonly’s commercial, accounting and marketing departments and its data processors, to the extent necessary for the accomplishment of the tasks entrusted to them.

5.1.2 When you consult a client’s guide, Stonly may process visitors’ anonymized data on its own behalf for the following purpose:

The Personal Data processed as part of the anonymization process is kept for one (1) year.

Stonly only communicates your Personal Data to the recipients who need to have access to it: Stonly’s commercial and marketing departments and its data processors, to the extent necessary for the accomplishment of the tasks entrusted to them.

5.1.3 When you (or your employer) are prospects of Stonly and/or when you visit our website, you may (i) communicate your name, first name(s), email address, browsing data etc. to us in order to subscribe to our newsletter and/or request additional information about Stonly’s services (e.g. by contacting Stonly’s support, downloading materials or asking for a scheduled demonstration) or (ii) authorize Stonly to place cookies on your terminal.

Your Personal Data is processed for the following purposes:

Personal Data processed for the purposes of receiving our newsletter is kept until you unsubscribe via the “unsubscribe” link included in each newsletter. The Personal Data processed for providing targeted advertising is kept for one (1) year.

Stonly only discloses your Personal Data to recipients who need to have access to it: Stonly’s sales, accounting and marketing departments and its data processors, to the extent necessary to perform the tasks assigned to them.

When Stonly acts as a processor:

When Stonly acts as a data processor, it is on behalf and on the instructions of its clients.

Within the framework of our knowledge-sharing activity, we are led to process your Personal Data (browsing data, IP address, and all data filled within the guides’ free fields) in order to allow our clients to operate our products efficiently.

You are invited to consult the information notice / privacy policy of each of the relevant content editors to obtain information on their own methods of processing your Personal Data.

6. What exactly is a cookie? How do we use them? How can you manage them?

"Cookies" are small data files placed on your device when you browse web pages subject to the choices you have made, in order to store and receive identifiers and other browsing information.

Cookies are used on the website and any Stonly’s services to (i) facilitate your browsing, (ii) offer you personalised advertising and (iii) compile visit statistics:

• User preferences and authentication cookies: they enable us to identify unique users across browsing sessions and allow them to sign up and register their preferences;
• Targeted advertising cookies: they enable us to optimise the advertisements offered to you on the website in order to offer you advertisements that are likely to interest you and to limit the repetition of the same advertisement;
• Statistical cookies: they enable us to establish statistics on website traffic and to detect browsing problems in order to monitor and improve the quality of our services.

You may at any time set your browser to express and modify your wishes regarding cookies, in particular by refusing certain cookies.

You can also use the interface that we make available to you via the cookie banner that appears when you first connect to the website or after any deletion of your cookies.

We remind you that, by disabling targeted advertising cookies and/or statistic cookies:

• you will continue to be exposed to advertising, but it will no longer be targeted according to your preferences identified based on your browsing profile. The deactivation of targeted advertising does not affect the volume of advertisements to which you are exposed but impacts their relevance; and/or
• your visit to the website will no longer be counted in our traffic measurement tools.

The Personal Data collected via our cookies are kept for one (1) year.

7. What are our requirements with respect to third party recipients?

We ask the recipients of your Personal Data to act in compliance with the Regulations and, in particular, to pay close attention to the confidentiality of your Personal Data.

8. Do we Transfer Your Personal Data outside the European Union?

The Personal Data collected may be processed outside the European Union by our data processors. In this case, Stonly takes the necessary steps with its data processors and partners to ensure an adequate level of protection to your Personal Data, in accordance with the Regulations. To do so, we ensure that our processors and partners (i) are located in a country ensuring an adequate level of protection, or (ii) have adhered to the Privacy Shield (in case of transfer to the United States), or (iii) have signed a contract with Us that includes the "standard data protection clauses" adopted by the European Commission.

9. What security measures does Stonly put in place to protect your Personal Data?

To provide the highest level of security for your Personal Data, Stonly implements appropriate physical, technical and organizational measures to prevent any alteration or loss of your Personal Data or any unauthorized access to it, and in particular:

• an access to Personal Data strictly reserved to employees and service providers who need to know it. These persons are subject to strict confidentiality obligations and may be subject to sanctions, if necessary, in the event of a breach;
• regular verifications of data collection, storage and processing;
• communication of security instructions to employees who have access to Personal Data;
• hosting of Personal Data in secure data centres;
• traceability of the accesses to the databases;
• 2-factor authentication to critical databases and services;
• data encryption.

10. What are your rights and how to exercise them?

Pursuant to the Regulations, you have the following rights regarding the processing of your Personal Data by Stonly, in its capacity as data controller:

1. To access and be informed: you have the right to be informed in a concise, transparent, intelligible and easily accessible form about the way your Personal Data is processed (this is precisely the purpose of this Privacy Policy). You also have the right to obtain (i) confirmation as to whether or not your Personal Data is being processed by Stonly and, if so, (ii) to access all your Personal Data and obtain a copy of it.
2. To rectify: at any time, you can ask Stonly to rectify and/or complete any of your Personal Data which would be incomplete or erroneous, which Stonly will do as soon as possible.
3. To erase: in certain cases, you can ask Stonly to erase your Personal Data ("right to be forgotten"); however, as this is not an absolute right, Stonly may have, in certain cases, legal or legitimate reasons to keep your Personal Data.
4. To restrict: in certain cases listed in article 18 of the GDPR, you can ask Stonly to restrict the processing of your Personal Data.
5. To transfer: you have the right to data portability, in a structured, commonly used, and machine-readable format. You are free to transmit your Personal Data to a recipient of your choice without Stonly being able to oppose it. However, this right only applies if the processing of your Personal Data is based on your consent or on the execution of a contract, and if the processing is carried out by automated means.
6. To oppose: when the processing of your Personal Data is based on Stonly’s legitimate interest, you have the possibility to oppose to this processing. Stonly will then stop the processing of your Personal Data unless there is a legitimate reason to do so. You also have the right to object at any time to the processing of your Personal Data for marketing purposes. Finally, you have the right to unsubscribe from our newsletter simply by clicking on the "Unsubscribe" link at the bottom of each newsletter.
7. Setting out instructions on data handling after your death: these instructions, which may be revoked at any any time, may concern the retention, deletion, or communication of your Personal Data after your death by designating a person responsible for their execution:
• when they are general directives, you may transmit them to a trustworthy third party certified by the CNIL,
• when it comes to specific instructions, you can send them directly to Stonly (see Section 11).
8. Filing a complaint: you are always entitled to file a complaint with the Commission nationale de l'informatique et des libertés (CNIL).

11. Contact

If you wish to exercise some or all of the above rights or to receive some additional information, you can send a request to Stonly, accompanied by a copy of a signed proof of your identity and any other information necessary to confirm your identity and process your request (your postal address for example):

• by email: gdpr@stonly.com
• by mail to: Stonly, 36 Rue Chaptal – 92300 Levallois-Perret.

A response will be sent to you within one (1) month of receipt of your request.

12. Modification of the Privacy Policy

Stonly reserves the right to modify this Privacy Policy, at any time, according in particular to the legal and regulatory context and the recommendations, opinions, and decisions of the CNIL, the European Committee for Data Protection and the French and European jurisdictions.

See our Data Processing Addendum

Last update : June 16th, 2020.